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2.  Research  Objectives 

Multithreaded  programs  are  getting  increasingly  pervasive  and  critical.  Unfortunately,  they 
remain  extremely  difficult  to  write.  This  difficulty  has  led  to  many  subtle  but  serious 
concurrency  vulnerabilities  such  as  race  conditions  in  real-world  multithreaded  programs.  Just 
as  vulnerabilities  in  sequential  programs  can  lead  to  security  exploits,  concurrency 
vulnerabilities  can  also  be  exploited  by  attackers  to  gain  privilege,  steal  information,  inject 
arbitrary  code,  etc.  Concurrency  attacks  targeting  these  vulnerabilities  are  impending  (see  CVE 
http://www.cvedetails.com/vulnerability-list/cweid-362/vulnerabilities.html),  yet  few  existing 
defense  techniques  can  deal  with  concurrency  vulnerabilities.  In  fact,  many  of  the  traditional 
defense  techniques  are  rendered  unsafe  by  concurrency  vulnerabilities. 

The  objective  of  this  project  is  to  take  a  holistic  approach  to  creating  novel  program 
analysis/protection  techniques  and  a  system  called  DASH  to  secure  multithreaded  programs 
and  harden  traditional  defense  techniques  in  a  concurrency  environment.  We  do  so  by 
selectively  combining  static  and  dynamic  techniques,  thus  getting  the  best  of  both  worlds.  We 
anticipate  numerous  contributions  from  this  project;  the  main  ones  are:  (1)  a  thorough 
understanding  of  concurrency  attacks  and  their  implications  to  traditional  defense  techniques; 


(2)  accurate  and  effective  techniques  to  detect,  avoid,  and  survive  concurrency  vulnerabilities; 
and  (3)  hardening  of  traditional  defense  techniques  for  multithreaded  programs.  The  greatest 
impact  of  our  project  is  a  novel  approach  and  the  DASH  system  for  improving  software  security 
and  reliability,  thus  greatly  benefiting  the  Nation's  cyber  security.  DASH  can  also  be  used  for 
offense:  the  Military  can  gain  new  competitive  means  in  cyber  warfare  by  running  DASH  to 
identify  concurrency  vulnerabilities  in  the  infrastructure  of  hostile  nations. 

3.  Brief  Description  of  the  proposed  efforts 


Two  trends  have  caused  multithreaded  programs  to  become  pervasive  and  critical.  The  first  is  a 
hardware  trend:  the  rise  of  multicore  computing.  For  years,  sequential  code  enjoyed  automatic 
speedup  as  computer  architects  steadily  made  single-core  multiprocessors  faster.  Recently, 
however,  this  "free  lunch  is  over":  power  and  wire-delay  constraints  have  forced 
microprocessors  into  multicore  designs,  and  adding  more  cores  does  not  automatically  speed 
up  sequential  code.  Thus,  developers,  including  those  working  for  various  government 
agencies,  are  writing  more  and  more  multithreaded  code. 

The  second  trend  is  a  software  one:  the  coming  storm  of  cloud  computing.  More  and  more 
services,  including  many  traditionally  offered  on  desktops  (e.g.,  word  processing),  are  now 
served  from  distributed  "clouds"  of  servers  to  meet  the  current  computing  demands  for  high 
scalability,  always-on  availability,  everywhere  connectivity,  and  desirable  consistency.  These 
services  are  also  getting  ever  richer  and  more  powerful— and  thus  computation  and  data 
intensive.  To  cope  with  this  massive  workload,  practically  all  services  today  employ  threads  to 
increase  performance. 

Unfortunately,  despite  our  increasing  reliance  on  multithreaded  programs,  they  remain 
extremely  difficult  to  write.  This  difficulty  has  led  to  many  subtle  but  serious  concurrency 
vulnerabilities  such  as  race  conditions  in  real-world  multithreaded  programs.  Multithreaded 
programs  are  the  most  widespread  parallel  programs,  yet  many  luminaries  in  computing 
consider  parallel  programming  one  of  the  top  challenges  facing  computer  science.  As  John 
Hennessy  once  put:  "when  we  start  talking  about  parallelism  and  ease  of  use  of  truly  parallel 
computers,  we're  talking  about  a  problem  that's  as  hard  as  any  that  computer  science  has 
faced."  Just  as  vulnerabilities  in  sequential  programs  can  lead  to  security  exploits,  concurrency 
vulnerabilities  can  similarly  compromise  security  and  lead  to  what  we  call  concurrency  attacks. 
Our  recent  study  of  real  concurrency  vulnerabilities  shows  that  these  vulnerabilities  are  very 
dangerous:  they  allow  attackers  to  corrupt  arbitrary  program  data,  inject  malicious  code,  and 
escalate  privileges.  Worse,  in  addition  to  being  directly  exploited  by  attackers,  concurrency 
vulnerabilities  also  compromise  key  defense  techniques  we  used  to  trust.  For  instance,  consider 
an  information  flow  tracking  mechanism  that  tracks  whether  each  piece  of  program  data  is 
classified  or  not  using  a  metadata  tag.  An  attacker  may  exploit  a  race  condition  on  program 


data  to  make  the  data  and  the  tag  inconsistent,  thus  evading  the  information  flow  tracking 
mechanism. 

We  believe  concurrency  attacks  are  an  imminent  threat  to  the  Nation's  cyber  security:  they  are 
becoming  a  major  form  of  future  cyber-attacks.  Unfortunately,  we  currently  lack  a  thorough 
understanding  of  concurrency  attacks.  Nor  do  we  have  automated  and  effective  techniques  to 
detect,  avoid,  or  survive  concurrency  vulnerabilities.  Despite  repeated  efforts,  precisely  and 
comprehensively  analyzing  multithreaded  programs  has  been  an  open  challenge  for  at  least 
three  decades. 

The  key  reason  that  multithreaded  programs  are  so  difficult  to  analyze  is  that  each  run  of  a 
multithreaded  program  may  interleave  the  threads  differently.  For  a  typical  multithreaded 
program,  the  number  of  these  thread  interleavings,  or  schedules,  is  enormous— asymptotically 
exponential  in  the  program  size.  Existing  methods  to  analyze  multithreaded  programs  are 
either  static  (compile-time)  or  dynamic  (runtime),  yet  both  have  difficulties  analyzing  this 
enormous  number  of  schedules.  Specifically,  static  techniques  can  analyze  all  statements  that  a 
compiler  can  see,  but  it  is  not  good  at  reasoning  about  runtime  behaviors  such  as  all  possible 
schedules  that  may  occur.  Thus,  it  has  to  over-approximate  these  schedules,  often  resulting  in 
poor  precision  and  tons  of  false  positives  when  applied  to  concurrency  vulnerability  detection. 
Dynamic  techniques  can  precisely  reason  about  the  schedules  executed  at  runtime.  However, 
they  can  analyze  only  the  schedules  occurred,  and  they  rarely  cover  more  than  a  tiny  fraction  of 
all  possible  schedules.  Thus,  the  next  execution  of  a  multithreaded  program  may  well  use  an 
unchecked  schedule  and  run  into  a  concurrency  vulnerability. 

The  objective  of  this  proposal  is  to  take  a  holistic  approach  to  creating  novel  program 
analysis/protection  techniques  and  the  DASH  system  to  effectively  detect,  avoid,  and  survive 
concurrency  vulnerabilities  and  harden  traditional  defense  techniques  in  a  concurrency 
environment.  We  address  this  open  challenge  of  creating  secure  and  reliable  multithreaded 
programs  by  selectively  combining  static  and  dynamic  techniques,  thus  getting  the  best  of  both 
worlds.  Specifically,  we  guide  static  analysis  using  real  schedules  observed  at  runtime.  By 
targeting  static  analysis  toward  only  the  schedules  that  matter,  we  drastically  improve  its 
precision.  We  then  protect  the  execution  of  multithreaded  programs  by  dynamically  enforcing 
the  schedules  that  are  thoroughly  checked  and  deemed  free  of  concurrency  vulnerabilities.  The 
feedback  loop  formed  by  integrating  static  and  dynamic  analysis  positively  enhance  each  other, 
resulting  in  more  secure  and  reliable  multithreaded  programs. 

To  fully  evaluate  our  approach,  we  plan  to  go  "from  soup  to  nuts"  in  designing  and  building  a 
prototype  system  of  DASH  and  applying  it  to  real  multithreaded  programs.  Besides  the  DASH 
system  and  the  novel  approach  of  combining  static  and  dynamic  techniques  to  harden 
multithreaded  programs,  we  anticipate  five  additional  contributions  within  the  proposed 
research: 

•  A  thorough  study  of  concurrency  attacks  and  their  implications  to  traditional  defense 
techniques; 


•  Schedule-guided  detection,  a  static  analysis  technique  to  accurately  and  effectively  detect 
concurrency  vulnerabilities; 

•  Schedule  enforcement,  a  software  protection  technique  to  enforce  the  schedules  that  are  well 
checked  and  deemed  correct,  thus  avoiding  potential  concurrency  vulnerabilities  in  unchecked 
schedules; 

•  Schedule  diversification,  a  software  diversification  technique  to  survive  previously  unknown 
concurrency  vulnerabilities;  and 

•  Hardening  of  traditional  defense  techniques  such  as  taint  tracking  and  information  flow 
tracking  for  multithreaded  programs. 

Applications  of  the  Proposed  Research.  The  greatest  impact  of  our  project  is  a  novel  approach 
and  new,  effective  systems  and  technologies  to  improve  software  security  and  reliability, 
greatly  benefiting  the  Nation's  cyber  security.  I  plan  to  leverage  my  long-term  connections  with 
Microsoft,  the  biggest  software  company,  and  Coverity,  a  top  software  quality  assurance 
startup,  to  make  the  technologies  developed  within  this  effort  available  to  the  public  (see 
letters  of  support  for  technology  transfer  opportunities).  We  envision  numerous  applications  of 
the  proposed  research.  The  main  ones  include: 

1.  The  thorough  understanding  of  concurrency  vulnerabilities  we  develop  helps  other 
researchers  and  practitioners  to  come  up  with  new  defense  techniques. 

2.  Developers  of  multithreaded  programs  can  use  DASH  to  accurately  detect  concurrency 
vulnerabilities  in  their  code.  By  fixing  these  concurrency  vulnerabilities,  they  create  more 
secure  and  reliable  multithreaded  programs  that  can  both  efficiently  use  the  power  of 
multicore  hardware  and  effectively  fend  off  concurrency  attacks. 

3.  Users  of  multithreaded  programs  can  use  DASH  to  avoid  or  survive  concurrency 
vulnerabilities  at  runtime,  further  strengthening  the  Nation's  cyber  infrastructure  and 
increasing  its  resilience  against  concurrency  attacks. 

4.  Builders  of  traditional  defense  techniques  such  as  information  flow  tracking  can  use  DASH  to 
harden  their  techniques  and  achieve  the  same  safety  guarantees  for  both  sequential  and 
multithreaded  programs. 

5.  Alternatively,  DASH  can  be  used  for  offense.  For  instance,  the  Military  can  gain  new 
competitive  means  in  cyber  warfare  by  running  DASH  to  identify  concurrency  vulnerabilities  in 
the  infrastructure  of  hostile  nations.  Furthermore,  although  we  focus  on  multithreaded 
programs  in  this  effort,  many  proposed  techniques  benefit  concurrent  programs  written  in 
other  programming  models,  such  as  MPI  and  OpenMP. 


4.  Results  from  the  project 


Since  the  beginning  of  the  project,  we  have  made  tremendous  progress  developing  four 
components  of  the  project,  including  the  thorough  study  of  concurrency  attacks  and  their 
implications  to  traditional  defense  techniques;  schedule-guided  detection,  a  static  analysis 
technique  to  accurately  and  effectively  detect  concurrency  vulnerabilities;  schedule 
enforcement  and  diversification,  software  protection  techniques  to  enforce  the  schedules  that 
are  well  checked  and  deemed  correct,  thus  avoiding  potential  concurrency  vulnerabilities  in 
unchecked  schedules;  and  Hardening  of  traditional  defense  techniques  such  as  taint  tracking 
and  information  flow  tracking  for  multithreaded  programs.  Our  results  have  led  to  total  15 
publications  at  the  best  venues,  26  invited  talks  at  many  universities  and  research  institutes, 
and  several  releases  of  open  source  software. 

Relevant  Publications  (total  15): 

1.  Eric  Koskinen  and  Junfeng  Yang.  Reducing  crash  recoverability  to  reachability.  In 
Proceedings  of  the  39th  Annual  Symposium  on  Principles  of  Programming  Languages 
(POPL  ’16),  January  2016.  (acceptance  rate:  23.3%,  59/253) 

2.  Heming  Cui,  Rui  Gu,  Cheng  Liu,  Tianyu  Chen,  and  Junfeng  Yang.  Paxos  made 
transparent.  In  Proceedings  of  the  25th  ACM  Symposium  on  Operating  Systems 
Principles  (SOSP  ’15),  October  2015.  (acceptance  rate:  16.1%,  30/186) 

3.  Xinhao  Yuan,  David  Williams-King,  Junfeng  Yang,  and  Simha  Sethumadhavan.  Making 
lock-free  data  structures  verifiable  with  artificial  transactions.  In  Eighth  Workshop  on 
Programming  Languages  and  Operating  Systems  (PLOS  ’15),  October  2015. 

4.  Heming  Cui,  Rui  Gu,  Cheng  Liu,  and  Junfeng  Yang.  Repframe:  An  efficient  and 
transparent  framework  for  dynamic  program  analysis.  In  Proceedings  of  6th  Asia- 
Pacific  Workshop  on  Systems  (APSys  ’15),  July  2015. 

5.  Yang  Tang  and  Junfeng  Yang.  Secure  deduplication  of  general  computations.  In 
Proceedings  of  the  USENIX  Annual  Technical  Conference  (USENIX  ATC  ’15),  2015. 
(acceptance  rate:  15.8%,  35/221) 

6.  Suzanna  Schmeelk,  Junfeng  Yang,  and  Alfred  Aho.  Android  malware  static  analysis 
techniques.  In  The  10th  Annual  Cyber  and  Information  Security  Research  (CISR) 
Conference,  2015. 

7.  Yinzhi  Cao  and  Junfeng  Yang.  Towards  making  systems  forget  with  machine 
unlearning.  In  Proceedings  of  the  2015  IEEE  Symposium  on  Security  and  Privacy.  In 
Proceedings  of  the  2015  IEEE  Symposium  on  Security  and  Privacy  (S&P  ’15),  2015. 
(acceptance  rate:  13.5%,  55/407) 


8.  Gang  Hu,  Xinhao  Yuan,  Yang  Tang,  and  Junfeng  Yang.  Efficiently,  effectively  detecting 
mobile  app  bugs  with  AppDoctor.  In  Proceedings  of  the  2014  ACM  European 
Conference  on  Computer  Systems  (EUROSYS  ’14),  April  2014.  (acceptance  rate:  18.4%, 
27/147) 

9.  Junfeng  Yang,  Heming  Cui,  Jingyue  Wu,  Yang  Tang,  and  Gang  Hu.  Determinism  is  not 
enough:  Making  parallel  programs  reliable  with  stable  multithreading. 
Communications  of  the  ACM,  2014.  (invited) 

10.  Heming  Cui,  Jiri  Simsa,  Yi-Hong  Lin,  Hao  Li,  Ben  Blum,  Xinan  Xu,  Junfeng  Yang, 
Garth  A.  Gibson,  and  Randal  E.  Bryant.  Parrot:  a  practical  runtime  for  deterministic, 
stable,  and  reliable  threads.  In  Proceedings  of  the  24th  ACM  Symposium  on  Operating 
Systems  Principles  (SOSP  ’13),  November  2013.  (acceptance  rate:  18.8%,  30/160) 

11.  Jingyue  Wu,  Gang  Hu,  Yang  Tang,  and  Junfeng  Yang.  Effective  dynamic  detection  of 
alias  analysis  errors.  In  Proceedings  of  the  Ninth  Joint  Meeting  of  the  European 
Software  Engineering  Conference  and  the  ACM  SIGSOFT  International  Symposium  on 
Foundations  of  Software  Engineering  (ESEC-FSE  ’13),  August  2013.  (acceptance  rate: 
20.3%,  51/251) 

12.  Junfeng  Yang,  Heming  Cui,  and  Jingyue  Wu.  Determinism  is  overrated:  What  really 
makes  multithreaded  programs  hard  to  get  right  and  what  can  be  done  about  it?  In  the 
Fifth  USENIX  Workshop  on  Hot  Topics  in  Parallelism  (HOTPAR  ’13),  June  2013. 

13.  Heming  Cui,  Gang  Hu,  Jingyue  Wu,  and  Junfeng  Yang.  Verifying  systems  rules  using 
rule-directed  symbolic  execution.  In  Eighteenth  International  Conference  on 
Architecture  Support  for  Programming  Languages  and  Operating  Systems  (ASPLOS 
’13),  March  2013.  (acceptance  rate:  23.1%,  44/191) 

Also  appeared  as  journal  publication: 

Heming  Cui,  Gang  Hu,  Jingyue  Wu,  and  Junfeng  Yang.  Verifying  systems  rules  using 
rule-directed  symbolic  execution.  SIGARCH  Comput.  Archit.  News,  41(l):329-432, 
2013. 

14.  Jingyue  Wu,  Yang  Tang,  Gang  Hu,  Heming  Cui,  and  Junfeng  Yang.  Sound  and  precise 
analysis  of  parallel  programs  through  schedule  specialization .  In  Proceedings  of  the 
ACM  SIGPLAN  2012  Conference  on  Programming  Language  Design  and 
Implementation  (PLDI  ’12),  pages  205-216,  June  2012.  (acceptance  rate:  18.8%,  48/255) 

Also  appeared  as  journal  publication: 

Jingyue  Wu,  Yang  Tang,  Gang  Hu,  Heming  Cui,  and  Junfeng  Yang.  Sound  and  precise 
analysis  of  parallel  programs  through  schedule  specialization.  SIGPLAN  Not., 
47(6):205-216,  June  2012. 


15.  Junfeng  Yang,  Ang  Cui,  Sal  Stolfo,  and  Simha  Sethumadhavan.  Concurrency  attacks.  In 
the  Fourth  USENIX  Workshop  on  Hot  Topics  in  Parallelism  (HOTPAR  ’12),  June 
2012. 

Relevant  Invited  Talks  (total  26): 

1.  7/2016  “Need  for  Speed:  Software  Tools  Edition.”  Microsoft  Research  Faculty  Summit. 
Host:  Suman  Nath 

2.  3/2016  “Build  Perfonnant  Apps:  Metrics,  Common  Issues,  and  Best  Practices.”  Droidcon 
San  Francisco.  Host:  Apps4all,  Touchlab 

3.  12/2015  “Build  Fluid  Apps  with  Android  Profiling  Tools.”  AnDevCon  Santa  Clara.  Host: 
BZ  Media 

4.  7/2015  “Build  Fluid  Apps  with  Android  Profiling  Tools.”  AnDevCon  Boston.  Host:  BZ 
Media 

5.  4/2014  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  Princeton  University.  Host:  Michael  Freedman 

6.  4/2014  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  University  of  Washington.  Host:  Tom  Anderson 

7.  02/2014  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  UCLA.  Host:  Todd  Millstein 

8.  12/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  UT  Austin.  Host:  Emmett  Witchel 

9.  11/2013  “Parrot:  A  Practical  Runtime  for  Deterministic,  Stable,  and  Reliable  Threads.” 
Princeton  University.  Host:  Michael  Freedman 

10.  11/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  UCSD.  Host:  Yuanyuan  Zhou 

11.  11/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  Stanford  University.  Host:  Alex  Aiken 

12.  10/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  Cornell  University.  Host:  Andrew  Myers 

13.  08/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  Microsoft  Research  Asia.  Host:  Lintao  Zhang 


14.  08/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  Beijing  University.  Host:  Yao  Guo 

15.  08/2013  “Determinism  Is  Not  Enough:  Making  Parallel  Programs  Reliable  with  Stable 
Multithreading.”  Shanghai  Jiaotong  University.  Host:  Haibo  Chen 

16. 07/2013  “Effectively  Model  Check  Real-World  Distributed  Systems.”  National 
University  of  Singapore.  Host:  Jin  Song  Dong 

17.  06/2013  “How  Useful  Is  Determinism  for  Reliability?”  Invited  panel  “Determinism: 
Blessing  or  Curse”  at  Fifth  USENIX  Workshop  on  Hot  Topics  in  Parallelism.  Host: 
Emery  Berger  and  Kim  Hazelwood 

18.  04/2013  “Effectively  Model  Check  Real-World  Distributed  Systems.”  Rutgers.  Host: 
Santosh  Nagarakatte 

19.  12/2012  “Effectively  Model  Check  Real-World  Distributed  Systems.”  CMU.  Host:  Garth 
Gibson 

20.  10/2012  “Pervasive  Detection  of  Process  Races  in  Deployed  Systems.”  University  of 
Southern  California.  Host:  Minlan  Yu 

21.  06/2012  “Improving  the  Reliability  and  Security  of  Parallel  Programs.”  Tsinghua 
University.  Host:  Wenguang  Chen 

22. 06/2012  “Improving  the  Reliability  and  Security  of  Parallel  Programs.”  Beihang 
University.  Host:  Chunming  Hu 

23. 06/2012  “Improving  the  Reliability  and  Security  of  Parallel  Programs.”  Beijing 
University.  Host:  Yao  Guo 

24.  06/2012  “Efficiently  and  Stably  Making  Threads  Deterministic.”  Invited  talk  at  4th 
International  Workshop  on  Practical  Synthesis  (co-located  with  PLDI).  Host:  Martin 
Vechev  and  Eran  Yahav 

25.  12/2011  “Efficiently  and  Stably  Making  Threads  Deterministic.”  Microsoft  Research. 
Host:  Madan  Musuvathi 

26.  11/2011  “Efficiently  and  Stably  Making  Threads  Deterministic.”  Telefonica  Research  at 
Spain.  Host:  Michael  Sirivianos 
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Abstract 

Multithreaded  programs  are  getting  increasingly  pervasive  and  critical.  Unfortunately,  they  remain 
extremely  difficult  to  write.  This  difficulty  has  led  to  many  subtle  but  serious  concurrency  vulnerabilities  such 
as  race  conditions  in  real-world  multithreaded  programs.  Just  as  vulnerabilities  in  sequential  programs  can 
lead  to  security  exploits,  concurrency  vulnerabilities  can  also  be  exploited  by  attackers  to  gain  privilege, 
steal  information,  inject  arbitrary  code,  etc.  Concurrency  attacks  targeting  these  vulnerabilities  are 
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existing  defense  techniques  can  deal  with  concurrency  vulnerabilities.  In  fact,  many  of  the  traditional 
defense  techniques  are  rendered  unsafe  by  concurrency  vulnerabilities. 

The  objective  of  this  project  is  to  take  a  holistic  approach  to  creating  novel  program  analysis/protection 
techniques  and  a  system  called  DASFI  to  secure  multithreaded  programs  and  harden  traditional  defense 
techniques  in  a  concurrency  environment.  We  do  so  by  selectively  combining  static  and  dynamic 
techniques,  thus  getting  the  best  of  both  worlds.  We  anticipate  numerous  contributions  from  this  project;  the 
main  ones  are:  (1 )  a  thorough  understanding  of  concurrency  attacks  and  their  implications  to  traditional 


defense  techniques;  (2)  accurate  and  effective  techniques  to  detect,  avoid,  and  survive  concurrency 
vulnerabilities;  and  (3)  hardening  of  traditional  defense  techniques  for  multithreaded  programs.  The 
greatest  impact  of  our  project  is  a  novel  approach  and  the  DASH  system  for  improving  software  security 
and  reliability,  thus  greatly  benefiting  the  Nation's  cyber  security.  DASH  can  also  be  used  for  offense:  the 
Military  can  gain  new  competitive  means  in  cyber  warfare  by  running  DASH  to  identify  concurrency 
vulnerabilities  in  the  infrastructure  of  hostile  nations. 
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